| Summary: | <=www-client/opera-9.52 multiple vulnerabilities (CVE-2009-{2351,3269}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | jer |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2351 | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
2009-07-13 21:30:33 UTC
jer, is this fixed in the newest in-tree version?

From http://downloads.securityfocus.com/vulnerabilities/exploits/mustlive-browser.txt:

With request to script at web site:
http://www.example.com/script.php?param=javascript:alert(document.cookie)
Which returns in answer the refresh header:
refresh: 0; URL=javascript:alert(document.cookie)

CVE-2009-3269 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3269):
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.

Vulnerable versions are no longer in the team.

GLSA Vote: No.

Age -> GLSA Vote: No.

Thanks, folks. Closing noglsa with two No votes.
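The refresh-header case quoted in the report depends on a site copying a request parameter into the Refresh header unchanged. The following is an added example, not part of the bug report or of any Gentoo or Opera code: a site-side check, written in Python, that only lets same-site paths or allowlisted http(s) URLs into that header. The function names, `ALLOWED_HOSTS` and `FALLBACK` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"www.example.com"}   # hypothetical allowlist for this site
FALLBACK = "/"                        # hypothetical safe default target


def safe_refresh_target(param: str) -> str:
    """Return param if it is safe to place in a Refresh header, else FALLBACK."""
    # Browsers drop tab/CR/LF inside URLs, so "java\tscript:" still means
    # javascript:. CR/LF would also split the header. Reject control chars.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in param):
        return FALLBACK
    candidate = param.strip()
    # Backslashes are treated like slashes by browsers ("/\host" -> "//host").
    if not candidate or "\\" in candidate:
        return FALLBACK
    try:
        parts = urlsplit(candidate)
    except ValueError:                # e.g. malformed IPv6 literal
        return FALLBACK
    if parts.scheme:
        # Absolute URL: scheme and host must both be on the allowlists.
        # This rejects javascript:, data:, vbscript: and foreign hosts.
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            return FALLBACK
        if parts.hostname not in ALLOWED_HOSTS:
            return FALLBACK
        return candidate
    # No scheme: accept only a site-local absolute path, never "//host/...".
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    return FALLBACK


def build_refresh_header(param: str, delay: int = 0) -> str:
    """Build the Refresh header value from an untrusted parameter."""
    return f"{int(delay)}; URL={safe_refresh_target(param)}"


if __name__ == "__main__":
    # Constructed sample inputs, the first taken from the quoted request.
    for p in ("javascript:alert(document.cookie)",
              "http://www.example.com/home",
              "/account?tab=1"):
        print(repr(p), "->", build_refresh_header(p))
```

This limits what the site sends; it does not change how an affected browser handles a Refresh header it receives from elsewhere.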